MARS and vulnerability scanners

jarvoy · ‎06-28-2006

Our new MARS typically shows a large number of false positives. Is it worthwhile to invest into a vulnerability scanner, such as Foundstone, so MARS has a better idea on which systems are actually vulnerable?" I always thought MARS performed scanning on the fly using Nessus. Is this typically good enough to rely on?

Thanks

wong34539 · ‎07-04-2006

The appliance centrally aggregates logs and events from a wide range of popular network devices (such as routers and switches), security devices and applications (such as firewalls, intrusion detection systems [IDSs], vulnerability scanners, and antivirus applications), hosts (such as Windows, Solaris, and Linux syslogs), applications (such as databases, Web servers, and authentication servers), and network traffic (such as Cisco NetFlow).For more info refer the following URL

http://www.cisco.com/en/US/products/ps6241/products_data_sheet0900aecd80272e64.html.

manjsdeol · ‎07-18-2006

Firing events are classified automatically by MARS as system-confirmed false positives or unconfirmed false positives this is due to data reduction feature of MARS,more info on false positive can be found in the below link http://www.cisco.com/en/US/partner/products/ps6241/products_user_guide_chapter09186a00806056e6.html#wp1030968, U r corret MARS do have in built integrated NESSUS scanner,I have tested the VA scanning ability of the MARS the results were pretty satisfying it shoots one incident saying "Vulnerable host found" as soon as it finds one,if you are integrating any VA scanner with MARS it just acts as a catalyst to the existing VA scan capabilities of the MARS.